I’ve been trying to create a public instance of SearXNG by using NixOS, Cloudflare and Nginx, but I can’t seem to make it open to the internet and I’ve run out of ideas. Is there anything I’m overlooking?
```nix
services.searx = {
  enable = true;
  redisCreateLocally = true;
  limiterSettings = {
    real_ip = {
      x_for = 1;
      ipv4_prefix = 32;
      ipv6_prefix = 56;
    };
    botdetection = {
      ip_limit = {
        filter_link_local = true;
        link_token = true;
      };
      ip_lists = {
        pass_ip = [
          "192.168.0.0/16"
          "fe80::/10"
        ];
        pass_searxng_org = true;
      };
    };
  };
  runInUwsgi = true;
  uwsgiConfig = {
    socket = "/run/searx/searx.sock";
    http = ":8888";
    chmod-socket = "660";
    disable-logging = true;
  };
  settings = {
    general = {
      debug = false;
      instance_name = "SearXNG Instance";
      donation_url = false;
      contact_url = false;
      enable_metrics = false;
    };
    ui = {
      static_use_hash = true;
      theme_args.simple_style = "dark";
      query_in_title = true;
      center_alignment = true;
      results_on_new_tab = false;
    };
    search = {
      safe_search = 2;
      autocomplete_min = 2;
      autocomplete = "duckduckgo";
    };
    server = {
      port = 8888;
      bind_address = "0.0.0.0";
      secret_key = config.sops.secrets.searx.path;
      image_proxy = true;
      method = "GET";
      default_locale = "en";
      default_lang = "en-US";
      base_url = "https://myinstance.org";
      public_instance = true;
    };
    engines = lib.mapAttrsToList (name: value: {inherit name;} // value) {
      "duckduckgo".disabled = false;
      "brave".disabled = true;
    };
    outgoing = {
      request_timeout = 5.0;
      max_request_timeout = 15.0;
      pool_connections = 100;
      pool_maxsize = 15;
      enable_http2 = true;
    };
  };
};
services.nginx = {
  enable = true;
  recommendedGzipSettings = true;
  recommendedOptimisation = true;
  recommendedProxySettings = true;
  recommendedTlsSettings = true;
  virtualHosts = {
    "myinstance.org" = {
      forceSSL = true;
      sslCertificate = config.sops.secrets."SSL-Certificates/Cloudflare/Cert".path;
      sslCertificateKey = config.sops.secrets."SSL-Certificates/Cloudflare/Key".path;
      locations = {
        "/" = {
          extraConfig = ''
            uwsgi_pass unix:${config.services.searx.uwsgiConfig.socket};
          '';
        };
      };
    };
  };
};
```
Oooh! Check the users of searx and nginx! They don’t use your user but their own ones. You might have to add the searx user to the nginx user’s group, or vice versa, or a new common group.
Anti Commercial-AI license
Awesome, you were right! Thank you!
```nix
systemd.services.nginx.serviceConfig.ProtectHome = false;
users.groups.searx.members = [ "nginx" ];
```
For anyone looking to test it out, it’s https://search.teatastic.org/
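Added example, not written by anyone in this thread: a small Python model of why the group change above matters for a socket created with `chmod-socket = "660"`. Connecting to a Unix socket needs search permission on every parent directory and write permission on the socket itself. The uid/gid numbers and the `0750` mode on `/run/searx` are constructed assumptions; only the socket path and the `660` mode come from the config above.

```python
from dataclasses import dataclass

@dataclass
class Node:
    path: str
    mode: int  # permission bits, e.g. 0o660
    uid: int   # owning user
    gid: int   # owning group

def _allowed(node, uid, gids, want):
    """Owner/group/other check; `want` is a bit in the 'other' position."""
    if uid == node.uid:
        return bool(node.mode & (want << 6))
    if node.gid in gids:
        return bool(node.mode & (want << 3))
    return bool(node.mode & want)

def first_blocker(dirs, sock, uid, gids):
    """Return the path that stops connect(), or None if it would succeed."""
    for d in dirs:
        if not _allowed(d, uid, gids, 0o1):  # search (x) on each parent directory
            return d.path
    if not _allowed(sock, uid, gids, 0o2):   # write (w) on the socket itself
        return sock.path
    return None

# Constructed sample IDs; the real values depend on the host.
SEARX_UID, SEARX_GID = 990, 990
NGINX_UID, NGINX_GID = 60, 60

DIRS = [
    Node("/run", 0o755, 0, 0),
    Node("/run/searx", 0o750, SEARX_UID, SEARX_GID),  # assumed directory mode
]
SOCK = Node("/run/searx/searx.sock", 0o660, SEARX_UID, SEARX_GID)

if __name__ == "__main__":
    before = first_blocker(DIRS, SOCK, NGINX_UID, {NGINX_GID})
    after = first_blocker(DIRS, SOCK, NGINX_UID, {NGINX_GID, SEARX_GID})
    print("nginx outside group searx, blocked at:", before)
    print("nginx inside group searx, blocked at:", after)
```

The model covers mode bits only; root, ACLs and systemd sandboxing options such as `ProtectHome` are separate layers and are not represented.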
Great! Thanks for sharing the solution 👍 (And the instance)